Spear Phishing Attacks on US Government Agencies Use a Java RAT

Researchers at the security company Symantec say they have discovered a spear phishing campaign targeting government agencies, chiefly in the USA. The campaign is notable in that it uses a Java-based RAT (remote access tool).

The researchers point out that using a Java RAT can be very effective. Because the RAT, named jRat, is in fact a Java applet, it can run on many operating systems besides Windows. The control panel for the RAT, which the researchers identified in the campaign, indicates that it can be used on FreeBSD, Linux, Mac OS X, Solaris and OpenBSD.

To distribute the RAT, e-mails were sent with the subject line "Obama's Data Harvesting Program and PRISM." Each e-mail carries three attachments: two PDF files and one .jar file that conceals the jRat remote access tool. Symantec, which detects the RAT as Backdoor.Jeetrat, said it can give cyber-criminals full control over the infected PC.

The company notes that the C&C (command-and-control) servers used in this attack have also been used to spread other threats. When Symantec searched its file archives for other threats that use the same command-and-control server, it found an RTF document.

The RTF is malicious: it exploits CVE-2012-0158, Microsoft's Windows Common Controls ActiveX Control Remote Code Execution Vulnerability, which Symantec detects as Bloodhound.Exploit.457. Its presence indicates that the same cyber-criminals previously sent malicious documents that abused a security flaw in order to install a harmful executable, but have lately switched to sending Java malware directly. By not relying on an exploit, or on any payload/shellcode that must be executed, the attack becomes much simpler: only a Java applet is needed.

Even so, its risk is no lower than that of the earlier attacks, and it can spread more widely: exploits normally only work on specific vulnerable OS and software versions, whereas jRat can run on any computer that has a Java runtime installed, the researchers observe.
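The two points above, that the RAT arrives as a plain .jar attachment beside two PDFs, and that a Java archive runs wherever a Java runtime exists, suggest the mail-gateway check a defender would want: inspect attachments by content, not only by extension, and flag any ZIP container that carries a Java manifest or class files. The following Python script is an added example and is not Symantec's code or anything from the campaign described; the attachment bytes it examines are constructed inline, and the subject line is the one quoted in the article.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
RTF_MAGIC = b"{\\rtf"
PDF_MAGIC = b"%PDF-"


def classify_attachment(name: str, data: bytes) -> list[str]:
    """Return content-based findings for one attachment.

    The extension is recorded, but the verdict comes from the bytes, so a
    .jar renamed to .pdf (or anything else) is still recognised as a JAR.
    """
    findings = []
    lower = name.lower()
    if lower.endswith(".jar"):
        findings.append("ext:jar")

    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                if "META-INF/MANIFEST.MF" in names:
                    findings.append("content:jar-manifest")
                    manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                    for line in manifest.splitlines():
                        # Main-Class makes the archive runnable by double-click
                        if line.startswith("Main-Class:"):
                            findings.append("content:main-class=" + line.split(":", 1)[1].strip())
                if any(n.endswith(".class") for n in names):
                    findings.append("content:java-class")
        except zipfile.BadZipFile:
            findings.append("content:corrupt-zip")
    elif data.startswith(RTF_MAGIC):
        # RTF content is worth noting on its own: the article links an RTF
        # exploit document to the same C&C infrastructure.
        findings.append("content:rtf")
    elif data.startswith(PDF_MAGIC):
        findings.append("content:pdf")

    if lower.endswith(".pdf") and "content:pdf" not in findings:
        findings.append("mismatch:pdf-extension")
    return findings


def should_quarantine(findings: list[str]) -> bool:
    """Quarantine any attachment that is, or contains, Java code."""
    return any(f.startswith(("ext:jar", "content:jar-manifest",
                             "content:java-class", "content:main-class=",
                             "mismatch:")) for f in findings)


def triage_message(subject: str, attachments: dict[str, bytes]) -> dict:
    """Classify every attachment and return a per-message verdict."""
    report = {name: classify_attachment(name, data) for name, data in attachments.items()}
    return {
        "subject": subject,
        "attachments": report,
        "quarantine": any(should_quarantine(f) for f in report.values()),
    }


def build_sample_jar(main_class: str = "Loader") -> bytes:
    """Constructed stand-in for a JAR attachment (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nMain-Class: {main_class}\r\n")
        # Class files begin with the 0xCAFEBABE magic; the body here is filler.
        zf.writestr(f"{main_class}.class", b"\xca\xfe\xba\xbe" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed message mirroring the attachment mix the article describes.
    msg = {
        "report1.pdf": b"%PDF-1.4 constructed placeholder",
        "report2.pdf": b"%PDF-1.4 constructed placeholder",
        "details.jar": build_sample_jar(),
    }
    result = triage_message("Obama's Data Harvesting Program and PRISM", msg)
    for name, findings in result["attachments"].items():
        print(f"{name}: {findings}")
    print("quarantine:", result["quarantine"])
```

Because the decision rests on the archive's contents, a JAR delivered under a .pdf or .zip name is caught just the same, which is the gap an extension-only filter on `.jar` would leave open; the PDF/RTF checks are recorded for analyst context rather than treated as malicious on their own.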